From: lpsolit%gmail.com <> Date: Mon, 5 May 2008 05:05:48 +0000 (+0000) Subject: Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple... X-Git-Tag: bugzilla-3.1.4~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecaf3819ef8907f91134d61453f4e31e630c3c30;p=thirdparty%2Fbugzilla.git Bug 425665: [SECURITY] XSS in show_bug.cgi: id isn't filtered for format=multiple - Patch by Frédéric Buclin r=mkanat r=wurblzap a=LpSolit --- diff --git a/show_bug.cgi b/show_bug.cgi index 4e3aac982f..782293af5a 100755 --- a/show_bug.cgi +++ b/show_bug.cgi @@ -100,7 +100,7 @@ $vars->{'marks'} = \%marks; $vars->{'valid_keywords'} = [map($_->name, Bugzilla::Keyword->get_all)]; $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count(); -my @bugids = map {$_->bug_id} @bugs; +my @bugids = map {$_->bug_id} grep {!$_->error} @bugs; $vars->{'bugids'} = join(", ", @bugids); # Next bug in list (if there is one) diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index 2562903a60..1442cae4f8 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl @@ -36,12 +36,12 @@ [% ids = [] %] [% FOREACH bug = bugs %] [% PROCESS bug_display %] - [% ids.push(bug.bug_id) %] + [% ids.push(bug.bug_id) UNLESS bug.error %] [% END %] [% IF ids.size > 1 %]
- +
@@ -63,7 +63,7 @@ [% BLOCK bug_display %]

[% terms.Bug %] - [% bug.bug_id %] + [% bug.bug_id FILTER html %] [% IF Param("usebugaliases") AND bug.alias AND NOT bug.error %] ( [% bug.alias FILTER html %]) diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index 2fb8b48e09..c25e400c3f 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -326,7 +326,6 @@ ], 'bug/show-multiple.html.tmpl' => [ - 'bug.bug_id', 'attachment.id', 'flag.status', ],